# {{ ansible_managed }}

[DEFAULT]
# Disable stderr logging
use_stderr = False
debug = {{ debug }}
fatal_deprecations = {{ heat_fatal_deprecations }}

use_journal = True

stack_domain_admin_password = {{ heat_stack_domain_admin_password }}
stack_domain_admin = {{ heat_stack_domain_admin }}
stack_user_domain_name = {{ heat_stack_user_domain_name }}
max_nested_stack_depth = {{ heat_max_nested_stack_depth }}
heat_waitcondition_server_url = {{ heat_waitcondition_server_url }}
heat_metadata_server_url = {{ heat_metadata_server_url }}
server_keystone_endpoint_type = public

deferred_auth_method = {{ heat_deferred_auth_method }}
trusts_delegated_roles = {{ heat_trusts_delegated_roles | join(',') }}

auth_encryption_key = {{ heat_auth_encryption_key }}

num_engine_workers = {{ heat_engine_workers | default(heat_api_threads) }}

## RPC Backend
transport_url = {{ heat_oslomsg_rpc_transport }}://{% for host in heat_oslomsg_rpc_servers.split(',') %}{{ heat_oslomsg_rpc_userid }}:{{ heat_oslomsg_rpc_password }}@{{ host }}:{{ heat_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ heat_oslomsg_rpc_vhost }}{% if heat_oslomsg_rpc_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}

## Plugin dirs
plugin_dirs = {{ heat_plugin_dirs | join(',') }}

# Default region name used to get services endpoints.
region_name_for_services = {{ heat_service_region }}

default_software_config_transport = POLL_SERVER_HEAT
default_deployment_signal_transport = HEAT_SIGNAL

[clients]
endpoint_type = {{ heat_clients_endpoint }}

[clients_heat]
endpoint_type = {{ heat_clients_heat_endpoint }}

[clients_keystone]
insecure = {{ keystone_service_internaluri_insecure | bool }}
endpoint_type = {{ heat_clients_endpoint }}
auth_uri = {{ keystone_service_internaluri }}

[database]
connection = mysql+pymysql://{{ heat_galera_user }}:{{ heat_container_mysql_password }}@{{ heat_galera_address }}/{{ heat_galera_database }}?charset=utf8{% if heat_galera_use_ssl | bool %}&ssl_ca={{ heat_galera_ssl_ca_cert }}{% endif %}

[ec2authtoken]
auth_uri = {{ keystone_service_internaluri }}

[heat_api]
bind_port = {{ heat_service_port }}
workers = {{ heat_api_workers | default(heat_api_threads) }}

[heat_api_cfn]
bind_port = {{ heat_cfn_service_port }}

[oslo_messaging_rabbit]
ssl = {{ heat_oslomsg_rpc_use_ssl }}

{% if heat_service_publicuri_proto != heat_service_internaluri_proto %}
[oslo_middleware]
enable_proxy_headers_parsing = True
{% endif %}

# Ceilometer options
[oslo_messaging_notifications]
driver = {{ (heat_ceilometer_enabled | bool) | ternary('messagingv2', 'noop') }}
transport_url = {{ heat_oslomsg_notify_transport }}://{% for host in heat_oslomsg_notify_servers.split(',') %}{{ heat_oslomsg_notify_userid }}:{{ heat_oslomsg_notify_password }}@{{ host }}:{{ heat_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ heat_oslomsg_notify_vhost }}{% if heat_oslomsg_notify_use_ssl | bool %}?ssl=1{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}


[profiler]
enabled = {{ heat_profiler_enabled }}
trace_sqlalchemy = {{ heat_profiler_trace_sqlalchemy }}


[keystone_authtoken]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ heat_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminurl }}
www_authenticate_uri = {{ keystone_service_internaluri }}
project_domain_id = {{ heat_service_project_domain_id }}
user_domain_id = {{ heat_service_user_domain_id }}
project_name = {{ heat_service_project_name }}
username = {{ heat_service_user_name }}
password = {{ heat_service_password }}
region_name = {{ keystone_service_region }}

memcached_servers = {{ memcached_servers }}

token_cache_time = 300

# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcached_encryption_key }}

[trustee]
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ heat_keystone_trustee_auth_plugin }}
auth_url = {{ keystone_service_adminurl }}
user_domain_id = {{ heat_service_trustee_user_domain_id }}
username = {{ heat_service_trustee_user_name }}
password = {{ heat_service_trustee_password }}

[volumes]
# Indicate if cinder-backup service is enabled. This is a temporary workaround
# until cinder-backup service becomes discoverable, see LP#1334856. (boolean
# value)
backups_enabled = {{ heat_cinder_backups_enabled }}
